GDPR


AI_data_privacy

Premium

EU AI Act next GDPR? Proof in the pudding as boardrooms prioritize data governance

2024-12-23T10:00:00+00:00By

Breaches of the EU’s GDPR can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act will be just as far-reaching, and could potentially lead to similar numbers of cases.

ai_governance_web

Premium

Good AI governance starts with proactive, continuous risk assessments

2024-11-21T16:25:00+00:00By

Data governance has become a key concern for companies, especially when the EU AI Act and General Data Protection Regulation have put a premium on handling data responsibly and ensuring that artificial intelligence does not cause harm.

LinkedIn

News Brief

Irish DPC fines LinkedIn $335M over GDPR violations related to targeted advertising

2024-10-30T18:49:00+00:00By

The Irish Data Protection Commission fined Microsoft-owned LinkedIn 310 million euros (U.S. $335 million) over violations of the European Union’s General Data Protection Regulation related to the social media company’s data processing and targeted advertising.

AI Act

Premium

Pace of innovation will make EU AI Act hard to enforce, experts say

2024-10-17T16:22:00+01:00By

Concerns about how robustly European member states may enforce the EU AI Act, which took effect on Aug. 1, are divided between if regulators will take a “light touch” approach or a sledgehammer for noncompliance. One thing’s for sure, the pace of AI innovation will make enforcement very difficult.

CWE_Day_2_5

Event

Photo gallery: Compliance Week Europe 2024

2024-10-15T20:40:00+01:00By

Compliance Week Europe, held Oct. 15-16 in Amsterdam in partnership with our sister organization the Internation Compliance Association, gathered more than 200 GRC professionals across industries. Check out some of the sights from the event.

AI_data_privacy

Premium

Control and delete: How regulators can shutdown companies’ AI investments

2024-10-11T19:20:00+01:00By

Companies are increasingly putting their faith in AI to realize the kind of business benefits that the technology seems to promise, but they are also opening themselves up to new and potentially crippling sanctions if they are unable to answer questions that surround how AI operates.

Meta building

News Brief

Irish DPC fines Meta $102M over GDPR violation linked to improper storage of passwords

2024-09-27T22:30:00+01:00By

The Irish Data Protection Commission fined Meta Ireland 91 million euros (U.S. $102 million) for multiple violations of the European Union’s General Data Protection Regulation related to the inadvertent storage of user passwords without encryption.

AI_moneybag

Premium

AI misuse could lead to sanctions from multiple regulators, experts warn

2024-09-27T16:22:00+01:00By

The proliferation of AI, as well as the promised business cases promoting its use, has led companies around the world to quickly invest in the technology. Executives hope these AI tools will improve efficiencies, reduce costs, and help them stay competitive. But it could lead to just the opposite.

Clearview AI

Premium

Clearview AI’s GDPR fines rise to $110M total after latest penalty by Dutch DPA

2024-09-09T13:08:00+01:00By

Clearview AI was fined 30.5 million euro (U.S. $33.8 million) by the Dutch Data Protection Authority and ordered to stop collecting images of Dutch citizens in the latest enforcement action against the U.S. company.

Uber

News Brief

Dutch DPA fines Uber $324M over transferring driver data to U.S.

2024-08-27T15:56:00+01:00By

The Dutch Data Protection Authority fined Uber 290 million euros (U.S. $323.7 million) for illegally transferring data on European drivers to American servers and failing to appropriately safeguard the transfers.

uniqlo_web

News Brief

Spanish DPA dings retailer Uniqlo $294K over GDPR violations

2024-08-19T19:25:00+01:00By

Spain’s data protection authority fined retailer Uniqlo Europe 270,000 euros (U.S. $294,000) over admitted violations of the European Union’s General Data Protection Regulation.

GDPRgavel

Premium

What’s the problem for GDPR repeat offenders?

2024-05-02T14:57:00+01:00By

The General Data Protection Regulation has been in force for nearly six years. Some industries—and some companies—have been more prone to fall foul of the rules than others.

Avast

News Brief

Czech DPA fines Avast $15M over GDPR violations

2024-04-25T16:33:00+01:00By

The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.

EU data flag

Premium

EDPB decision sparks ‘consent or pay’ debate for Big Tech firms

2024-04-19T19:16:00+01:00By

Big Tech firms might need to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s primary data regulator.

Facial recognition scan

Premium

Focused on consumer privacy? Don’t forget employees’ rights

2024-04-17T15:09:00+01:00By

The implications of a privacy rights case involving a U.K.-based Uber Eats driver underscore a popular belief that companies prioritize protecting the personal information of their customers over the data rights of their employees.

Hodge_opinion

Opinion

New leadership no easy fix for Irish DPC’s GDPR woes

2024-03-29T13:41:00+00:00By

The Irish Data Protection Commission has a new leadership structure, but it is uncertain whether the changes can get the key privacy regulator caught up on enforcement of the General Data Protection Regulation.

UK privacy

Premium

ICO primed for enforcement increase behind new fining guidance?

2024-03-25T13:36:00+00:00By

The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.

Privacy Shield

Premium

Privacy by design a silver bullet for stemming AI risks?

2024-03-15T17:41:00+00:00By

The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.

UniCredit

News Brief

​Italian DPA fines UniCredit $3M over data breach GDPR lapses

2024-03-11T15:54:00+00:00By

The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.

GDPR EU flag

Premium

Public consultation on GDPR opens door for changes

2024-02-20T14:24:00+00:00By

Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.

Cloud Computing

Premium

Toeing the ‘fine line’ of cloud security compliance

2024-02-14T22:26:00+00:00By

When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.

Employee monitoring

Premium

The blurred lines of employee monitoring under GDPR

2024-02-09T20:03:00+00:00By

The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.

Amazon warehouse

Premium

Examining precedent set by French DPA’s Amazon employee monitoring fine

2024-02-07T18:03:00+00:00By

The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.

Uber

News Brief

Uber facing $11M fine over driver privacy rights violations

2024-02-05T19:38:00+00:00By

Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.

Meta Platforms

Premium

Meta’s ‘pay or consent’ model to force GDPR to adapt?

2024-01-31T14:52:00+00:00By

Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.

ICO

News Brief

ICO seeking input on generative AI to inform guidance

2024-01-25T21:38:00+00:00By

The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.

Amazon trucks

News Brief

Amazon unit fined $35M under GDPR for employee productivity tracking

2024-01-24T03:50:00+00:00By

Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.

Microsoft store

News Brief

GDPR-minded Microsoft offers cloud customers EU-based personal data storage

2024-01-12T18:41:00+00:00By

Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.